Meandering thoughts of the Knight household, mostly work and technology related guff.

Wednesday, August 24, 2011

Emulating %LOGONSERVER% For Computer Startup Scripts

%LOGONSERVER% is a useful environment variable to use in logon scripts to see which DC has serviced your request and can be handy to reference if you want to access additional files/shares on the DC. Unfortunately this environment variable is only accessible after logon and isn’t useful for computer startup scripts.

When I need to access the DC that’s providing me with GPOs during a computer startup script I emulate %LOGONSERVER% with the following code:

The FOR statement needs to go into a script. It reads in the command line used to launch the script and assumes that a UNC path was used to launch it. It uses \ as the delimiter, picks out the first token (the computer name) and puts it into %DOMCTLR%.

In my case the variable %0 doesn't contain the domain controller name but the FQDN; it just returns the following string: "\\mydomain.private.com\SYSVOL\mydomain.private.com\Policies\{1F74A5AE-9142-4AD9-A67C-6D4432A81022}\Machine\Scripts\Startup\batch.cmd"

@Anonymous - gotcha.

If the startup script is being served up using a DFS path, then it's best to have any additional services served up via DFS path as well.

If there's site-specific information required, it's best being handled by another script served up via a GPO linked to the appropriate site.

To be honest, I'm not using this much any more. Site-specific GPOs and resources stored in a DFS replica have rendered this method pretty much obsolete for me.

The main goal of retrieving the DC authenticating the client's computer is to be able to set the new IP addresses of the DNS servers in the correct order using the netsh command. I have 6 sites in AD 2003 hosted by 12 DCs. All client computers are located in the same single OU. Now we are replacing a few of these DCs, including changing their IP addresses. We use static addresses for the XP and Windows 7 clients (DHCP is not in use).

The question is: how to set up the new IP addresses of the new DCs (which of course host DNS) on the clients? I needed to determine which DC is authenticating the client's computer and, based on this, set up the appropriate IP addresses in the correct order.

Finally, I'm able to determine which DC is authenticating the client's computer using the command:

    for /f "tokens=2 delims=\\. " %%i in ('nltest /dsgetdc:mydomain.private.com ^| find /I "DC:"') do set DomainLogonServer=%%i

and after that set up the DNS server IPs in the correct order:

    if /I %DomainLogonServer% == DC01 (
        netsh interface ip set dns name="Local Area Connection" static address=x.y.z.1 register=primary
        netsh interface ip add dns name="Local Area Connection" x.y.z.2
        netsh interface ip add dns name="Local Area Connection" x.y.z.3
        [...]
    )
    if /I %DomainLogonServer% == DC02 (
        netsh interface ip set dns name="Local Area Connection" static address=x.y.z.3 register=primary
        netsh interface ip add dns name="Local Area Connection" x.y.z.4
        netsh interface ip add dns name="Local Area Connection" x.y.z.5
    )
    [...]
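
Added example, not part of the original post or its comments: a startup script that takes the server name from the UNC path the script was launched from, as the post describes, and falls back to the nltest /dsgetdc lookup from the comments when that path begins with the domain name (a DFS path) rather than a DC. The domain name is the placeholder used in the comments, and nltest.exe is assumed to be available on the client.

```batch
@echo off
rem Added example; not the blog author's original code.
setlocal EnableExtensions

rem ASSUMPTION: placeholder domain from the comments; replace with your own.
set "DOMAIN=mydomain.private.com"
set "DOMCTLR="

rem Full path this script was launched from, e.g.
rem   \\DC01\SYSVOL\...                  (served by a specific DC)
rem   \\mydomain.private.com\SYSVOL\...  (served via the domain DFS path)
set "SELF=%~f0"

rem Only a UNC path carries a server name; anything else goes to the fallback.
if not "%SELF:~0,2%"=="\\" goto query

rem Leading backslashes are skipped as delimiters, so token 1 is the host part.
for /f "tokens=1 delims=\" %%a in ("%SELF%") do set "DOMCTLR=%%a"

rem A host part equal to the domain name is the DFS namespace, not a DC.
if /i "%DOMCTLR%"=="%DOMAIN%" set "DOMCTLR="

rem Reduce a DC FQDN (dc01.mydomain.private.com) to its short name (dc01).
if defined DOMCTLR for /f "tokens=1 delims=." %%a in ("%DOMCTLR%") do set "DOMCTLR=%%a"

:query
if defined DOMCTLR goto done

rem Fallback: ask the locator which DC it selected. The matching output line
rem looks like "DC: \\DC01.mydomain.private.com"; token 2 is the short name.
for /f "tokens=2 delims=\. " %%a in ('nltest /dsgetdc:%DOMAIN% ^| find /i "DC:"') do set "DOMCTLR=%%a"

:done
if not defined DOMCTLR (
    echo Could not determine a domain controller 1>&2
    exit /b 1
)
echo Using domain controller: %DOMCTLR%

rem Hand the result back to the calling environment.
endlocal & set "DOMCTLR=%DOMCTLR%"
```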